Securing PHP : Disabling Dangerous PHP Functions

PHP is a very popular language nowadays. But at the same time, it’s also one of the main sources for user accounts and servers getting compromised. Every PHP developer and hoster should understand the primary attack vectors being used by attackers against PHP applications. They also should be able to classify PHP functions that allowed to be used and disable cirtain functions that can be categorized as dangerous.

Based on my experience and a big help from Google, I can categorize the following functions as dangerous :-

The default PHP configuration is intended for development purposes. Therefore, it is always advisable to reconfigure PHP before going into production phase. Some security settings are also recommended during the development phase to prevent programmers from producing vulnerable code, and make them stick to secure techniques.